Valorant anti-cheat update renders $6,000 cheating hardware useless

At a glance:

• Valorant's Vanguard anti-cheat update blocks DMA cheating devices worth up to $6,000
• Riot Games mocked affected cheaters on social media, calling the hardware "brand new $6k paperweights"
• DMA devices are temporarily unusable but can be restored by reinstalling the operating system

The Anti-Cheat Victory

Valorant cheaters recently discovered their expensive investments had turned into useless paperweights overnight as Riot Games updated the Vanguard anti-cheat software to block DMA (Direct Memory Access) cheating devices. The update effectively neutralized hardware that some players had invested up to $6,000 in, creating a significant setback for the cheating community. While the devices are not permanently destroyed, they are rendered unusable for cheating purposes, requiring a full operating system reinstall to function normally again. However, once restored, installing Valorant or Vanguard on the same system will result in the same blocking, creating a cycle that effectively prevents the use of these expensive devices for cheating.

Riot Games didn't stop at simply banning the offenders; the company took to social media to openly mock the affected players. In a now-viral tweet, the studio declared: "Congrats to the owners of a brand new $6k paperweight." This brazen approach has divided the gaming community, with some members applauding Riot Games for dropping the "massive ban hammer" on cheaters, while others question the ethical implications of such intrusive anti-cheat measures. The kernel-level access required by Vanguard represents the highest possible privilege on a system, leading some users to express concerns about potential vulnerabilities and misuse.

Understanding DMA Cheating

DMA cards are legitimate hardware tools vital for professionals such as debuggers, developers, and cybersecurity researchers. These devices allow external hardware to read and write directly to a computer's memory without passing through the processor, which is why they've become valuable in professional settings. However, over the years, cheat developers have repurposed these cards for a different objective: bypassing anti-cheat software. This misuse has created an ongoing cat-and-mouse game between cheaters and game developers, with each side continuously developing countermeasures and new methods to gain an advantage.

Competitive online multiplayer games like Valorant typically employ kernel-level detection systems that continuously monitor the processor and operating system for unauthorized cheat software. This approach flags software-level cheats almost instantaneously, which is why cheat developers have increasingly turned to DMA cards to separate the cheat software from the computer running the game. By using DMA devices, cheaters can execute their cheating software on a separate machine while still interacting with the game through legitimate-looking inputs, effectively bypassing the most common anti-cheat detection methods.

The Cheater's Arsenal

Phillip Koskinas, the Head of Anti-Cheat at Riot Games, recently shared an example of what a typical DMA cheating device setup looks like, revealing the complex lengths some players will go to gain an unfair advantage in a free-to-play game. The setup appears as a Frankenstein project cobbled together in someone's garage, showcasing both the technical sophistication and the questionable priorities of those willing to invest significant resources into cheating. This demonstration highlights the ongoing arms race between game developers and those determined to undermine fair competition.

There are many variations of a DMA cheating setup, but they generally follow a similar pattern. At its core, the process begins by installing a DMA card into the primary computer that's running the game. Cheat developers then flash these cards with custom-modified firmware to disguise the DMA device and trick the operating system into thinking it's another type of hardware, such as a network adapter or USB expansion card. This disguise is crucial for avoiding detection by basic system monitoring tools.

The Second Command Center

The setup requires a second computer, which can be anything from a laptop to a mini-PC, that acts as the command center for running the actual cheat software. This secondary system connects to the primary gaming system through a standard USB connection, allowing the DMA card to provide direct access to the gaming machine's memory. This connection enables the second system to read real-time game data without being detected by the game or its anti-cheat systems, as the cheating software never actually runs on the gaming machine.

To complete the circuit, cheaters must add a KMBox, a hardware controller that emulates physical keyboard and mouse inputs, to bridge both systems. The commands generated on the second system travel through the KMBox to the primary PC as legitimate movements and actions, creating a seamless interface that allows for sophisticated cheats like aimbots and wallhacks. This separation between the cheating software and the game client represents one of the most advanced methods of circumventing modern anti-cheat systems.

Riot's Countermeasure

Logically, Riot Games won't disclose exactly how it neutralized these DMA cheating setups, as doing so would allow cheat developers to quickly develop countermeasures. However, the prevailing theory among security experts is that the latest Vanguard update is now enforcing stricter IOMMU (Input-Output Memory Management Unit) checks. The IOMMU is a critical component inside a processor that's responsible for managing and regulating how peripheral devices access system memory, essentially acting as a security gatekeeper for hardware interactions.

Rumors within the gaming security community suggest that Vanguard now specifically blocks DMA firmware that attempts to communicate over SATA or NVMe protocols, two popular interfaces used by cheat developers to masquerade the DMA card as a legitimate storage controller. This targeted approach would effectively prevent the most common methods of DMA-based cheating while potentially leaving other legitimate uses of DMA devices unaffected. The sophistication of this countermeasure demonstrates Riot Games' commitment to maintaining fair gameplay in its competitive title.

The Ethics of Anti-Cheat

The aggressive approach taken by Riot Games has sparked a broader discussion about the ethics of intrusive anti-cheat software. While most players support efforts to maintain fair competition, the kernel-level access required by systems like Vanguard raises legitimate concerns about privacy and system security. Some security experts worry that such deep system integration could create vulnerabilities that might be exploited by malicious actors, either through flaws in the anti-cheat software itself or through targeted attacks designed to exploit its privileges.

The situation also highlights the ongoing challenge facing game developers: how to effectively combat increasingly sophisticated cheating methods without infringing on player rights or creating security risks. As cheating technology continues to evolve, so too must anti-cheat systems, potentially leading to an escalation of system-level privileges and deeper integration with players' computers. This arms race between cheaters and developers shows no signs of slowing down, with both sides continuously developing new methods and countermeasures.

The Future of Fair Play

Riot Games' decisive action against DMA cheating devices represents a significant victory for fair play in competitive gaming. By rendering expensive cheating hardware temporarily unusable and publicly mocking those who invest in such systems, the company has sent a strong message that cheating will not be tolerated, regardless of the technological sophistication involved. This approach may deter potential cheaters who are aware of the financial risks involved in purchasing specialized cheating hardware.

Looking ahead, it's likely that both sides will continue to evolve their tactics. Cheat developers will undoubtedly seek new methods to bypass anti-cheat systems, while game developers like Riot Games will refine their detection capabilities and potentially develop even more sophisticated countermeasures. The ongoing battle between fair play and unfair advantage remains a defining challenge in the world of competitive online gaming, with significant implications for both the integrity of competitions and the player experience.